[Secure-testing-commits] r23689 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Mon Sep 16 21:14:26 UTC 2013
Author: joeyh
Date: 2013-09-16 21:14:26 +0000 (Mon, 16 Sep 2013)
New Revision: 23689
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-09-16 17:52:25 UTC (rev 23688)
+++ data/CVE/list 2013-09-16 21:14:26 UTC (rev 23689)
@@ -52,34 +52,28 @@
NOT-FOR-US: Design-approval-system Plugin for WordPress
CVE-2013-XXXX [https://www.wireshark.org/security/wnpa-sec-2013-60.html ]
- wireshark 1.10.2-1
-CVE-2013-5722
- RESERVED
+CVE-2013-5722 (Unspecified vulnerability in the LDAP dissector in Wireshark 1.8.x ...)
{DSA-2756-1}
- wireshark 1.10.2-1
NOTE: https://www.wireshark.org/security/wnpa-sec-2013-59.html
-CVE-2013-5721
- RESERVED
+CVE-2013-5721 (The dissect_mq_rr function in epan/dissectors/packet-mq.c in the MQ ...)
- wireshark 1.10.2-1 (unimportant)
NOTE: Not suitable for code injection
NOTE: https://www.wireshark.org/security/wnpa-sec-2013-58.html
-CVE-2013-5720
- RESERVED
+CVE-2013-5720 (Buffer overflow in the RTPS dissector in Wireshark 1.8.x before 1.8.10 ...)
{DSA-2756-1}
- wireshark 1.10.2-1
NOTE: https://www.wireshark.org/security/wnpa-sec-2013-57.html
-CVE-2013-5719
- RESERVED
+CVE-2013-5719 (epan/dissectors/packet-assa_r3.c in the ASSA R3 dissector in Wireshark ...)
- wireshark 1.10.2-1 (unimportant)
NOTE: Not suitable for code injection
NOTE: https://www.wireshark.org/security/wnpa-sec-2013-56.html
-CVE-2013-5718
- RESERVED
+CVE-2013-5718 (The dissect_nbap_T_dCH_ID function in epan/dissectors/packet-nbap.c in ...)
{DSA-2756-1}
- wireshark 1.10.2-1
[squeeze] - wireshark <not-affected> (Vulnerable code not present)
NOTE: https://www.wireshark.org/security/wnpa-sec-2013-55.html
-CVE-2013-5717
- RESERVED
+CVE-2013-5717 (The Bluetooth HCI ACL dissector in Wireshark 1.10.x before 1.10.2 does ...)
- wireshark 1.10.2-1
[wheezy] - wireshark <not-affected> (Only affects 1.10.x)
[squeeze] - wireshark <not-affected> (Only affects 1.10.x)
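Review bot: The "CVE-2013-XXXX" placeholder for wnpa-sec-2013-60 in the context at the top of this hunk still has no id, while the entries for wnpa-sec-2013-55 through wnpa-sec-2013-59 now carry assigned ids and descriptions. Check whether an id has been assigned for that advisory and replace the placeholder, so the "- wireshark 1.10.2-1" line under it is tracked against a real CVE like its siblings.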
@@ -156,8 +150,7 @@
RESERVED
CVE-2013-5676
RESERVED
-CVE-2013-5674 [Unserialize external input allows object injection]
- RESERVED
+CVE-2013-5674 (badges/external.php in Moodle 2.5.x before 2.5.2 does not properly ...)
- moodle 2.5.2-1
[squeeze] - moodle <not-affected> (Only affects 2.5.x)
CVE-2013-5669
@@ -615,13 +608,12 @@
RESERVED
CVE-2013-5497
RESERVED
-CVE-2013-5496
- RESERVED
+CVE-2013-5496 (Open Network Environment Platform (ONEP) in Cisco NX-OS allows remote ...)
NOT-FOR-US: Cisco NX-OS
-CVE-2013-5495
- RESERVED
-CVE-2013-5494
- RESERVED
+CVE-2013-5495 (Cross-site scripting (XSS) vulnerability in the web framework in the ...)
+ TODO: check
+CVE-2013-5494 (Cross-site request forgery (CSRF) vulnerability in the web framework ...)
+ TODO: check
CVE-2013-5493 (The diagnostic module in the firmware on Cisco Virtualization ...)
NOT-FOR-US: Cisco
CVE-2013-5492 (administration.jsp in Cisco SocialMiner allows remote attackers to ...)
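Review bot: CVE-2013-5495 and CVE-2013-5494 land with "TODO: check", and both descriptions are cut off before the product name ("... in the web framework in the ..." and "... in the web framework ..."), so they cannot be triaged from this file alone. The neighbouring CVE-2013-5496 and CVE-2013-5493 are both NOT-FOR-US Cisco entries; if the full descriptions name a Cisco product as well, replace the TODO lines with the matching NOT-FOR-US tag.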
@@ -1575,13 +1567,13 @@
NOT-FOR-US: Kwok Information Server
CVE-2013-5027
RESERVED
-CVE-2013-5026 (Unspecified vulnerability in an ActiveX control in National ...)
+CVE-2013-5026 (An ActiveX control in lookout650.ocx, lookout660.ocx, and ...)
NOT-FOR-US: National Instruments Lookout
-CVE-2013-5025 (Unspecified vulnerability in an ActiveX control in the Help subsystem ...)
+CVE-2013-5025 (An ActiveX control in exlauncher.dll in the Help subsystem in National ...)
NOT-FOR-US: National Instruments
-CVE-2013-5024 (Unspecified vulnerability in an ActiveX control in ...)
+CVE-2013-5024 (An ActiveX control in NationalInstruments.Help2.dll in National ...)
NOT-FOR-US: National Instruments
-CVE-2013-5023 (Unspecified vulnerability in an ActiveX control in the HelpAsst ...)
+CVE-2013-5023 (The ActiveX controls in the HelpAsst component in NI Help Links in ...)
NOT-FOR-US: National Instruments
CVE-2013-5022 (Absolute path traversal vulnerability in the 3D Graph ActiveX control ...)
NOT-FOR-US: National Instruments
@@ -2064,20 +2056,15 @@
RESERVED
CVE-2013-4814
RESERVED
-CVE-2013-4813
- RESERVED
+CVE-2013-4813 (The Agent (aka AgentController) servlet in HP ProCurve Manager (PCM) ...)
NOT-FOR-US: HP
-CVE-2013-4812
- RESERVED
+CVE-2013-4812 (UpdateCertificatesServlet in the SNAC registration server in HP ...)
NOT-FOR-US: HP
-CVE-2013-4811
- RESERVED
+CVE-2013-4811 (UpdateDomainControllerServlet in the SNAC registration server in HP ...)
NOT-FOR-US: HP
-CVE-2013-4810
- RESERVED
+CVE-2013-4810 (HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity ...)
NOT-FOR-US: HP
-CVE-2013-4809
- RESERVED
+CVE-2013-4809 (Multiple SQL injection vulnerabilities in GetEventsServlet in HP ...)
NOT-FOR-US: HP
CVE-2013-4808 (Unspecified vulnerability in HP Service Manager 7.11, 9.21, 9.30, and ...)
NOT-FOR-US: HP
@@ -2340,8 +2327,7 @@
RESERVED
CVE-2013-4705 (Cross-site scripting (XSS) vulnerability in Opera before 15.00 allows ...)
NOT-FOR-US: Opera
-CVE-2013-4704
- RESERVED
+CVE-2013-4704 (Cross-site scripting (XSS) vulnerability in ChamaNet ChamaCargo 7.0000 ...)
NOT-FOR-US: ChamaNet ChamaCargo
CVE-2013-4703 (Cross-site scripting (XSS) vulnerability in the top-page customization ...)
NOT-FOR-US: Cybozu Office
@@ -3119,8 +3105,7 @@
- linux-2.6 <not-affected> (Introduced in 3.8)
CVE-2013-4342
RESERVED
-CVE-2013-4341 [XSS in remote blog/rss include]
- RESERVED
+CVE-2013-4341 (Multiple cross-site scripting (XSS) vulnerabilities in Moodle through ...)
- moodle 2.5.2-1
CVE-2013-4340 (wp-admin/includes/post.php in WordPress before 3.6.1 allows remote ...)
{DSA-2757-1}
@@ -3197,8 +3182,7 @@
CVE-2013-4314 [hostname check bypassing vulnerability]
RESERVED
- pyopenssl <unfixed> (bug #722055)
-CVE-2013-4313 [potential sql injection]
- RESERVED
+CVE-2013-4313 (Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and ...)
- moodle 2.5.2-1
[squeeze] - moodle <not-affected>
CVE-2013-4312
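Review bot: On CVE-2013-4313 the new description reads "Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and ...", which sets no lower bound on the affected versions, yet the "[squeeze] - moodle <not-affected>" line under it gives no reason. Other not-affected lines in this commit carry one, for example "(Only affects 2.5.x)" or "(Vulnerable code not present)"; add the justification here, or re-check squeeze against the full description.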
@@ -6607,55 +6591,43 @@
{DSA-2741-1}
- chromium-browser 29.0.1547.57-1
[squeeze] - chromium-browser <end-of-life>
-CVE-2013-2899
- RESERVED
+CVE-2013-2899 (drivers/hid/hid-picolcd_core.c in the Human Interface Device (HID) ...)
- linux 3.10.11-1 (low)
- linux-2.6 <not-affected> (driver introduced in 2.6.35)
-CVE-2013-2898
- RESERVED
+CVE-2013-2898 (drivers/hid/hid-sensor-hub.c in the Human Interface Device (HID) ...)
- linux 3.10.11-1 (low)
[wheezy] - linux <not-affected> (driver introduced in 3.7)
- linux-2.6 <not-affected> (driver introduced in 3.7)
-CVE-2013-2897
- RESERVED
+CVE-2013-2897 (Multiple array index errors in drivers/hid/hid-multitouch.c in the ...)
- linux <unfixed> (low)
- linux-2.6 <not-affected> (driver introduced in 2.6.38)
-CVE-2013-2896
- RESERVED
+CVE-2013-2896 (drivers/hid/hid-ntrig.c in the Human Interface Device (HID) subsystem ...)
- linux 3.10.11-1 (low)
- linux-2.6 <not-affected> (Vulnerable feature probing code not present)
-CVE-2013-2895
- RESERVED
+CVE-2013-2895 (drivers/hid/hid-logitech-dj.c in the Human Interface Device (HID) ...)
- linux <unfixed> (low)
- linux-2.6 <not-affected> (driver introduced in 3.2)
-CVE-2013-2894
- RESERVED
+CVE-2013-2894 (drivers/hid/hid-lenovo-tpkbd.c in the Human Interface Device (HID) ...)
- linux <unfixed> (low)
[wheezy] - linux <not-affected> (driver introduced in 3.6)
- linux-2.6 <not-affected> (driver introduced in 3.6)
-CVE-2013-2893
- RESERVED
+CVE-2013-2893 (The Human Interface Device (HID) subsystem in the Linux kernel through ...)
- linux <unfixed> (low)
- linux-2.6 <removed> (low)
-CVE-2013-2892
- RESERVED
+CVE-2013-2892 (drivers/hid/hid-pl.c in the Human Interface Device (HID) subsystem in ...)
- linux 3.10.11-1 (low)
- linux-2.6 <removed> (low)
-CVE-2013-2891
- RESERVED
+CVE-2013-2891 (drivers/hid/hid-steelseries.c in the Human Interface Device (HID) ...)
- linux <unfixed> (low)
[wheezy] - linux <not-affected> (steelseries driver introduced in 3.9)
- linux-2.6 <not-affected> (steelseries driver introduced in 3.9)
-CVE-2013-2890
- RESERVED
+CVE-2013-2890 (drivers/hid/hid-sony.c in the Human Interface Device (HID) subsystem ...)
- linux <not-affected> (buzz driver introduced in 3.11 cycle, only in experimental)
- linux-2.6 <not-affected> (buzz driver introduced in 3.11 cycle)
-CVE-2013-2889
- RESERVED
+CVE-2013-2889 (drivers/hid/hid-zpff.c in the Human Interface Device (HID) subsystem ...)
- linux <unfixed> (low)
- linux-2.6 <removed> (low)
-CVE-2013-2888
- RESERVED
+CVE-2013-2888 (Multiple array index errors in drivers/hid/hid-core.c in the Human ...)
- linux 3.10.11-1
- linux-2.6 <removed>
CVE-2013-2887 (Multiple unspecified vulnerabilities in Google Chrome before ...)
@@ -8599,6 +8571,7 @@
CVE-2013-2186
RESERVED
CVE-2013-2185 [tomcat: arbitrary file upload via deserialization]
+ RESERVED
NOT-FOR-US: Red Hat JBoss Enterprise Application Platform
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=974813
NOTE: http://www.openwall.com/lists/oss-security/2013/09/05/4
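Review bot: On CVE-2013-2185 the bracketed title says "tomcat: arbitrary file upload via deserialization" while the entry is tagged "NOT-FOR-US: Red Hat JBoss Enterprise Application Platform", and tomcat is packaged in Debian. With the entry now marked RESERVED there is no published description to settle this, so the triage rests on the two NOTE links; confirm from them that stock tomcat is not affected, and record that reason in a NOTE line next to the NOT-FOR-US tag.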
@@ -9873,8 +9846,7 @@
NOTE: Probably gone since 3.2.32-1, but I checked 3.2.41-2
CVE-2013-1825
REJECTED
-CVE-2013-1824
- RESERVED
+CVE-2013-1824 (The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows ...)
{DSA-2639-1}
- php5 5.4.4-14
NOTE: See CVE-2013-1643
@@ -10519,7 +10491,7 @@
- open-xchange <itp> (bug #269329)
CVE-2013-1644
RESERVED
-CVE-2013-1643 (The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.13 allows ...)
+CVE-2013-1643 (The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows ...)
{DSA-2639-1}
- php5 5.4.4-14 (bug #702221)
NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=c737b89473df9dba6742b8fc8fbf6d009bf05c36
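Review bot: The description of CVE-2013-1643 now says "PHP before 5.3.23" where it previously said 5.3.22, but the tracking lines under it are unchanged ("{DSA-2639-1}" and "- php5 5.4.4-14 (bug #702221)"). Confirm that the fix shipped in 5.4.4-14 and in the DSA includes the commit in the NOTE line, and not only the change for CVE-2013-1824, which this same commit describes as fixed before 5.3.22 and 5.4.12 under the same DSA and version.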
@@ -12019,24 +11991,24 @@
RESERVED
CVE-2013-1034
RESERVED
-CVE-2013-1033
- RESERVED
-CVE-2013-1032
- RESERVED
-CVE-2013-1031
- RESERVED
-CVE-2013-1030
- RESERVED
-CVE-2013-1029
- RESERVED
-CVE-2013-1028
- RESERVED
-CVE-2013-1027
- RESERVED
-CVE-2013-1026
- RESERVED
-CVE-2013-1025
- RESERVED
+CVE-2013-1033 (Screen Lock in Apple Mac OS X before 10.8.5 does not properly track ...)
+ TODO: check
+CVE-2013-1032 (QuickTime in Apple Mac OS X before 10.8.5 allows remote attackers to ...)
+ TODO: check
+CVE-2013-1031 (Power Management in Apple Mac OS X before 10.8.5 does not properly ...)
+ TODO: check
+CVE-2013-1030 (mdmclient in Mobile Device Management in Apple Mac OS X before 10.8.5 ...)
+ TODO: check
+CVE-2013-1029 (The kernel in Apple Mac OS X before 10.8.5 allows remote attackers to ...)
+ TODO: check
+CVE-2013-1028 (The IPSec implementation in Apple Mac OS X before 10.8.5, when Hybrid ...)
+ TODO: check
+CVE-2013-1027 (Installer in Apple Mac OS X before 10.8.5 provides an option to ...)
+ TODO: check
+CVE-2013-1026 (Buffer overflow in ImageIO in Apple Mac OS X before 10.8.5 allows ...)
+ TODO: check
+CVE-2013-1025 (Buffer overflow in CoreGraphics in Apple Mac OS X before 10.8.5 allows ...)
+ TODO: check
CVE-2013-1024 (CoreMedia Playback in Apple Mac OS X before 10.8.4 does not properly ...)
NOT-FOR-US: CoreMedia Playback
CVE-2013-1023 (WebKit, as used in Apple Safari before 6.0.5, allows remote attackers ...)
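Review bot: CVE-2013-1033 through CVE-2013-1025 all arrive as "TODO: check", and each of the nine descriptions names a component of Apple Mac OS X before 10.8.5. The next entry, CVE-2013-1024, is already tagged "NOT-FOR-US: CoreMedia Playback"; resolve the nine TODO lines the same way, one NOT-FOR-US tag per component, unless a full description points at code that is also packaged in Debian.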
@@ -15564,8 +15536,7 @@
- rpm 4.10.1-2.1 (bug #697375)
[squeeze] - rpm <not-affected> (Introduced in rpm 4.10.0)
[wheezy] - rpm 4.10.0-5+deb7u1
-CVE-2012-6087 [moodle insecure curl usage]
- RESERVED
+CVE-2012-6087 (repository/s3/S3.php in the Amazon S3 library in Moodle through ...)
- moodle 2.2.7.dfsg-1
[squeeze] - moodle <not-affected> (Vulnerable code not present)
[wheezy] - moodle 2.2.3.dfsg-2.6~wheezy1